[nsp-sec] Multiple DDoS attacks
Stephen Gill
gillsr at cymru.com
Tue Jul 7 02:31:17 EDT 2009
Hi Folks,
I took a poke at some of the IPs and as far as I could tell these were also
some likely attack targets observed on July 05 based on UDP -> 80:
For this one I didn't see any UDP 80 traffic, and it was fairly low on the
triangulation list (9 out of 500 IPs seen heading here):
67.221.166.105:80 (media.filecabi.net)
23342 | 67.221.166.105 | UNITEDLAYER - Unitedlayer, Inc.
It's a weak link possible C&C connection, but someone might know more about
the host, and it could have easily been another target.
-- steve